The Samba-Bugzilla – Attachment 13005 Details for
Bug 12605
Winbindd endless looping in forest trust scan
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-6-test
tmp46.diff.txt (text/plain), 3.28 KB, created by
Stefan Metzmacher
on 2017-03-03 09:50:48 UTC
(
hide
)
Description:
Patches for v4-6-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2017-03-03 09:50:48 UTC
Size:
3.28 KB
patch
obsolete
>From e4519e07a56115eca5568d9c2ab33b140d2f7012 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 2 Mar 2017 08:13:57 +0100 >Subject: [PATCH] s3:winbindd: fix endless forest trust scan >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively >disabled the enumeration of trusts in other forests. > >The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691 >changed the way we fill domain->domain_flags for domains >in other forests. > >Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the >ability to enumerate trusts of other forests again, in order to >fix https://bugzilla.samba.org/show_bug.cgi?id=11830 > >Now we have the problem that multiple domains >(even outside of our forest) are considert to be >our forest root, as they have the following flags: >NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> > >Autobuild-User(master): Ralph Böhme <slow@samba.org> >Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144 > >(cherry picked from commit f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67) >--- > source3/winbindd/winbindd_ads.c | 8 ++++++++ > source3/winbindd/winbindd_util.c | 22 ++++++++++++++++++++++ > 2 files changed, 30 insertions(+) > >diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c >index 05ef2ec..cde9099 100644 >--- a/source3/winbindd/winbindd_ads.c >+++ b/source3/winbindd/winbindd_ads.c >@@ -1133,6 +1133,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, > } > TALLOC_FREE(parent); > >+ /* >+ * We need to pass the modified properties >+ * to the caller. >+ */ >+ trust->trust_flags = d.domain_flags; >+ trust->trust_type = d.domain_type; >+ trust->trust_attributes = d.domain_trust_attribs; >+ > wcache_tdc_add_domain( &d ); > ret_count++; > } >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index ffcb09d..ab6862d 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c >@@ -342,6 +342,20 @@ static void trustdom_list_done(struct tevent_req *req) > char *p; > struct winbindd_tdc_domain trust_params = {0}; > ptrdiff_t extra_len; >+ bool within_forest = false; >+ >+ /* >+ * Only when we enumerate our primary domain >+ * or our forest root domain, we should keep >+ * the NETR_TRUST_FLAG_IN_FOREST flag, in >+ * all other cases we need to clear it as the domain >+ * is not part of our forest. >+ */ >+ if (state->domain->primary) { >+ within_forest = true; >+ } else if (domain_is_forest_root(state->domain)) { >+ within_forest = true; >+ } > > res = wb_domain_request_recv(req, state, &response, &err); > if ((res == -1) || (response->result != WINBINDD_OK)) { >@@ -427,6 +441,14 @@ static void trustdom_list_done(struct tevent_req *req) > > trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10); > >+ if (!within_forest) { >+ trust_params.trust_flags &= ~NETR_TRUST_FLAG_IN_FOREST; >+ } >+ >+ if (!state->domain->primary) { >+ trust_params.trust_flags &= ~NETR_TRUST_FLAG_PRIMARY; >+ } >+ > /* > * We always call add_trusted_domain() cause on an existing > * domain structure, it will update the SID if necessary. >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
slow
:
review+
Actions:
View
Attachments on
bug 12605
:
13002
| 13005 |
13006
|
13007